Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ftgl-2.4.0/cmake/config.h
Examining data/ftgl-2.4.0/demo/FTGLDemo.cpp
Examining data/ftgl-2.4.0/demo/FTGLMFontDemo.cpp
Examining data/ftgl-2.4.0/demo/c-demo.c
Examining data/ftgl-2.4.0/demo/simple.cpp
Examining data/ftgl-2.4.0/demo/tb.c
Examining data/ftgl-2.4.0/demo/tb.h
Examining data/ftgl-2.4.0/demo/trackball.c
Examining data/ftgl-2.4.0/demo/trackball.h
Examining data/ftgl-2.4.0/msvc/config.h
Examining data/ftgl-2.4.0/src/FTBuffer.cpp
Examining data/ftgl-2.4.0/src/FTCharToGlyphIndexMap.h
Examining data/ftgl-2.4.0/src/FTCharmap.cpp
Examining data/ftgl-2.4.0/src/FTCharmap.h
Examining data/ftgl-2.4.0/src/FTCleanup.cpp
Examining data/ftgl-2.4.0/src/FTCleanup.h
Examining data/ftgl-2.4.0/src/FTContour.cpp
Examining data/ftgl-2.4.0/src/FTContour.h
Examining data/ftgl-2.4.0/src/FTFace.cpp
Examining data/ftgl-2.4.0/src/FTFace.h
Examining data/ftgl-2.4.0/src/FTFont/FTBitmapFont.cpp
Examining data/ftgl-2.4.0/src/FTFont/FTBitmapFontImpl.h
Examining data/ftgl-2.4.0/src/FTFont/FTBufferFont.cpp
Examining data/ftgl-2.4.0/src/FTFont/FTBufferFontImpl.h
Examining data/ftgl-2.4.0/src/FTFont/FTExtrudeFont.cpp
Examining data/ftgl-2.4.0/src/FTFont/FTExtrudeFontImpl.h
Examining data/ftgl-2.4.0/src/FTFont/FTFont.cpp
Examining data/ftgl-2.4.0/src/FTFont/FTFontGlue.cpp
Examining data/ftgl-2.4.0/src/FTFont/FTFontImpl.h
Examining data/ftgl-2.4.0/src/FTFont/FTOutlineFont.cpp
Examining data/ftgl-2.4.0/src/FTFont/FTOutlineFontImpl.h
Examining data/ftgl-2.4.0/src/FTFont/FTPixmapFont.cpp
Examining data/ftgl-2.4.0/src/FTFont/FTPixmapFontImpl.h
Examining data/ftgl-2.4.0/src/FTFont/FTPolygonFont.cpp
Examining data/ftgl-2.4.0/src/FTFont/FTPolygonFontImpl.h
Examining data/ftgl-2.4.0/src/FTFont/FTTextureFont.cpp
Examining data/ftgl-2.4.0/src/FTFont/FTTextureFontImpl.h
Examining data/ftgl-2.4.0/src/FTFont/FTTriangleExtractorFont.cpp
Examining data/ftgl-2.4.0/src/FTFont/FTTriangleExtractorFontImpl.h
Examining data/ftgl-2.4.0/src/FTGL.cpp
Examining data/ftgl-2.4.0/src/FTGL/FTBBox.h
Examining data/ftgl-2.4.0/src/FTGL/FTBitmapGlyph.h
Examining data/ftgl-2.4.0/src/FTGL/FTBuffer.h
Examining data/ftgl-2.4.0/src/FTGL/FTBufferFont.h
Examining data/ftgl-2.4.0/src/FTGL/FTBufferGlyph.h
Examining data/ftgl-2.4.0/src/FTGL/FTExtrdGlyph.h
Examining data/ftgl-2.4.0/src/FTGL/FTFont.h
Examining data/ftgl-2.4.0/src/FTGL/FTGLBitmapFont.h
Examining data/ftgl-2.4.0/src/FTGL/FTGLExtrdFont.h
Examining data/ftgl-2.4.0/src/FTGL/FTGLOutlineFont.h
Examining data/ftgl-2.4.0/src/FTGL/FTGLPixmapFont.h
Examining data/ftgl-2.4.0/src/FTGL/FTGLPolygonFont.h
Examining data/ftgl-2.4.0/src/FTGL/FTGLTextureFont.h
Examining data/ftgl-2.4.0/src/FTGL/FTGLTriangleExtractorFont.h
Examining data/ftgl-2.4.0/src/FTGL/FTGlyph.h
Examining data/ftgl-2.4.0/src/FTGL/FTLayout.h
Examining data/ftgl-2.4.0/src/FTGL/FTLibrary.h
Examining data/ftgl-2.4.0/src/FTGL/FTOutlineGlyph.h
Examining data/ftgl-2.4.0/src/FTGL/FTPixmapGlyph.h
Examining data/ftgl-2.4.0/src/FTGL/FTPoint.h
Examining data/ftgl-2.4.0/src/FTGL/FTPolyGlyph.h
Examining data/ftgl-2.4.0/src/FTGL/FTSimpleLayout.h
Examining data/ftgl-2.4.0/src/FTGL/FTTextureGlyph.h
Examining data/ftgl-2.4.0/src/FTGL/FTTriangleExtractorGlyph.h
Examining data/ftgl-2.4.0/src/FTGL/ftgl.h
Examining data/ftgl-2.4.0/src/FTGlyph/FTBitmapGlyph.cpp
Examining data/ftgl-2.4.0/src/FTGlyph/FTBitmapGlyphImpl.h
Examining data/ftgl-2.4.0/src/FTGlyph/FTBufferGlyph.cpp
Examining data/ftgl-2.4.0/src/FTGlyph/FTBufferGlyphImpl.h
Examining data/ftgl-2.4.0/src/FTGlyph/FTExtrudeGlyph.cpp
Examining data/ftgl-2.4.0/src/FTGlyph/FTExtrudeGlyphImpl.h
Examining data/ftgl-2.4.0/src/FTGlyph/FTGlyph.cpp
Examining data/ftgl-2.4.0/src/FTGlyph/FTGlyphGlue.cpp
Examining data/ftgl-2.4.0/src/FTGlyph/FTGlyphImpl.h
Examining data/ftgl-2.4.0/src/FTGlyph/FTOutlineGlyph.cpp
Examining data/ftgl-2.4.0/src/FTGlyph/FTOutlineGlyphImpl.h
Examining data/ftgl-2.4.0/src/FTGlyph/FTPixmapGlyph.cpp
Examining data/ftgl-2.4.0/src/FTGlyph/FTPixmapGlyphImpl.h
Examining data/ftgl-2.4.0/src/FTGlyph/FTPolygonGlyph.cpp
Examining data/ftgl-2.4.0/src/FTGlyph/FTPolygonGlyphImpl.h
Examining data/ftgl-2.4.0/src/FTGlyph/FTTextureGlyph.cpp
Examining data/ftgl-2.4.0/src/FTGlyph/FTTextureGlyphImpl.h
Examining data/ftgl-2.4.0/src/FTGlyph/FTTriangleExtractorGlyph.cpp
Examining data/ftgl-2.4.0/src/FTGlyph/FTTriangleExtractorGlyphImpl.h
Examining data/ftgl-2.4.0/src/FTGlyphContainer.cpp
Examining data/ftgl-2.4.0/src/FTGlyphContainer.h
Examining data/ftgl-2.4.0/src/FTInternals.h
Examining data/ftgl-2.4.0/src/FTLayout/FTLayout.cpp
Examining data/ftgl-2.4.0/src/FTLayout/FTLayoutGlue.cpp
Examining data/ftgl-2.4.0/src/FTLayout/FTLayoutImpl.h
Examining data/ftgl-2.4.0/src/FTLayout/FTSimpleLayout.cpp
Examining data/ftgl-2.4.0/src/FTLayout/FTSimpleLayoutImpl.h
Examining data/ftgl-2.4.0/src/FTLibrary.cpp
Examining data/ftgl-2.4.0/src/FTList.h
Examining data/ftgl-2.4.0/src/FTPoint.cpp
Examining data/ftgl-2.4.0/src/FTSize.cpp
Examining data/ftgl-2.4.0/src/FTSize.h
Examining data/ftgl-2.4.0/src/FTUnicode.h
Examining data/ftgl-2.4.0/src/FTVector.h
Examining data/ftgl-2.4.0/src/FTVectoriser.cpp
Examining data/ftgl-2.4.0/src/FTVectoriser.h
Examining data/ftgl-2.4.0/test/CTest.c
Examining data/ftgl-2.4.0/test/CXXTest.cpp
Examining data/ftgl-2.4.0/test/FTBBox-Test.cpp
Examining data/ftgl-2.4.0/test/FTBitmapFont-Test.cpp
Examining data/ftgl-2.4.0/test/FTBitmapGlyph-Test.cpp
Examining data/ftgl-2.4.0/test/FTBufferFont-Bitmap.cpp
Examining data/ftgl-2.4.0/test/FTCharToGlyphIndexMap-Test.cpp
Examining data/ftgl-2.4.0/test/FTCharmap-Test.cpp
Examining data/ftgl-2.4.0/test/FTContour-NaN.cpp
Examining data/ftgl-2.4.0/test/FTContour-Test.cpp
Examining data/ftgl-2.4.0/test/FTExtrudeFont-Test.cpp
Examining data/ftgl-2.4.0/test/FTExtrudeGlyph-Test.cpp
Examining data/ftgl-2.4.0/test/FTFace-Test.cpp
Examining data/ftgl-2.4.0/test/FTFont-Test.cpp
Examining data/ftgl-2.4.0/test/FTGlyph-Test.cpp
Examining data/ftgl-2.4.0/test/FTGlyphContainer-Test.cpp
Examining data/ftgl-2.4.0/test/FTLibrary-Test.cpp
Examining data/ftgl-2.4.0/test/FTList-Test.cpp
Examining data/ftgl-2.4.0/test/FTMesh-Test.cpp
Examining data/ftgl-2.4.0/test/FTOutlineFont-Test.cpp
Examining data/ftgl-2.4.0/test/FTOutlineFont-UnInVec.cpp
Examining data/ftgl-2.4.0/test/FTOutlineGlyph-Test.cpp
Examining data/ftgl-2.4.0/test/FTPixmapFont-Bitmap.cpp
Examining data/ftgl-2.4.0/test/FTPixmapFont-Test.cpp
Examining data/ftgl-2.4.0/test/FTPixmapGlyph-Test.cpp
Examining data/ftgl-2.4.0/test/FTPoint-Test.cpp
Examining data/ftgl-2.4.0/test/FTPolygonFont-Test.cpp
Examining data/ftgl-2.4.0/test/FTPolygonFont-UnInVec.cpp
Examining data/ftgl-2.4.0/test/FTPolygonGlyph-Test.cpp
Examining data/ftgl-2.4.0/test/FTSize-Test.cpp
Examining data/ftgl-2.4.0/test/FTTesselation-Test.cpp
Examining data/ftgl-2.4.0/test/FTTextureFont-Bitmap.cpp
Examining data/ftgl-2.4.0/test/FTTextureFont-Test.cpp
Examining data/ftgl-2.4.0/test/FTTextureGlyph-Test.cpp
Examining data/ftgl-2.4.0/test/FTTriangleExtract-Test.cpp
Examining data/ftgl-2.4.0/test/FTVector-Test.cpp
Examining data/ftgl-2.4.0/test/FTVectoriser-Test.cpp
Examining data/ftgl-2.4.0/test/FTlayout-Test.cpp
Examining data/ftgl-2.4.0/test/HPGCalc_afm.cpp
Examining data/ftgl-2.4.0/test/HPGCalc_pfb.cpp
Examining data/ftgl-2.4.0/test/demo.cpp
Examining data/ftgl-2.4.0/test/mmgr.cpp
Examining data/ftgl-2.4.0/test/mmgr.h
Examining data/ftgl-2.4.0/test/nommgr.h

FINAL RESULTS:

data/ftgl-2.4.0/test/mmgr.cpp:258:2:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buffer, format, ap);
data/ftgl-2.4.0/test/mmgr.cpp:341:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(str, "%s(%05d)::%s", sourceFileStripper(sourceFile), sourceLine, sourceFunc);
data/ftgl-2.4.0/test/mmgr.cpp:377:31:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  if (size > (1024*1024)) sprintf(str, "%10s (%7.2fM)", insertCommas(size), (float) size / (1024.0f * 1024.0f));
data/ftgl-2.4.0/test/mmgr.cpp:378:25:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  else if (size > 1024) sprintf(str, "%10s (%7.2fK)", insertCommas(size), (float) size / 1024.0f);
data/ftgl-2.4.0/test/mmgr.cpp:379:10:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  else sprintf(str, "%10s bytes ", insertCommas(size));
data/ftgl-2.4.0/demo/FTGLDemo.cpp:82:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char myString[4096];
data/ftgl-2.4.0/demo/FTGLDemo.cpp:180:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(myString, "OpenGL is a powerful software interface for graphics "
data/ftgl-2.4.0/demo/FTGLDemo.cpp:185:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(myString, "OpenGL (Open Graphics Library — открытая графическая "
data/ftgl-2.4.0/demo/FTGLDemo.cpp:191:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(myString, "OpenGL™ 是行业领域中最为广泛接纳的 2D/3D 图形 API, "
data/ftgl-2.4.0/demo/FTGLMFontDemo.cpp:95:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char myString[4096];
data/ftgl-2.4.0/demo/FTGLMFontDemo.cpp:206:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(myString, "OpenGL is a powerful software interface for graphics "
data/ftgl-2.4.0/src/FTFace.cpp:122:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FT_Open_Args open;
data/ftgl-2.4.0/src/FTFace.cpp:124:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open.flags = FT_OPEN_MEMORY;
data/ftgl-2.4.0/src/FTFace.cpp:125:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open.memory_base = (FT_Byte const *)pBufferBytes;
data/ftgl-2.4.0/src/FTFace.cpp:126:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  open.memory_size = (FT_Long)bufferSizeInBytes;
data/ftgl-2.4.0/src/FTFace.cpp:128:38:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  err = FT_Attach_Stream(*ftFace, &open);
data/ftgl-2.4.0/src/FTFont/FTBufferFont.cpp:198:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s2, s, len);
data/ftgl-2.4.0/src/FTFont/FTBufferFont.cpp:218:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s2, s, len * sizeof(wchar_t));
data/ftgl-2.4.0/src/FTGL/FTFont.h:590:56:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  FTGL_EXPORT void ftglGetFontBBox(FTGLfont* font, const char *string,
data/ftgl-2.4.0/src/FTGlyph/FTBitmapGlyph.cpp:94:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest, src, srcPitch);
data/ftgl-2.4.0/src/FTGlyph/FTBufferGlyph.cpp:75:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pixels, bitmap.buffer, bitmap.pitch * bitmap.rows);
data/ftgl-2.4.0/src/FTLayout/FTLayoutGlue.cpp:83:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void ftglGetLayoutBBox(FTGLlayout *l, const char * s, float c[6])
data/ftgl-2.4.0/src/FTUnicode.h:151:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char utf8bytes[256];
data/ftgl-2.4.0/test/FTContour-Test.cpp:25:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char straightLineTags[3] =
data/ftgl-2.4.0/test/FTContour-Test.cpp:32:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char brokenTags[3] =
data/ftgl-2.4.0/test/FTContour-Test.cpp:53:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char simpleConicTags[3] =
data/ftgl-2.4.0/test/FTContour-Test.cpp:68:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char doubleConicTags[4] =
data/ftgl-2.4.0/test/FTContour-Test.cpp:84:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char cubicTags[4] =
data/ftgl-2.4.0/test/FTContour-Test.cpp:116:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char compositeTags[18] =
data/ftgl-2.4.0/test/HPGCalc_afm.cpp:15:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const unsigned char byte_data_HPGCalc_afm[ ] =
data/ftgl-2.4.0/test/HPGCalc_pfb.cpp:15:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const unsigned char byte_data_HPGCalc_pfb[ ] =
data/ftgl-2.4.0/test/demo.cpp:138:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[8][256];
data/ftgl-2.4.0/test/demo.cpp:249:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * fp = fopen(fontFilePath, "r");
data/ftgl-2.4.0/test/mmgr.cpp:255:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[2048];
data/ftgl-2.4.0/test/mmgr.cpp:267:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(memoryLogFile, "ab");
data/ftgl-2.4.0/test/mmgr.cpp:339:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char str[90];
data/ftgl-2.4.0/test/mmgr.cpp:349:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char str[30];
data/ftgl-2.4.0/test/mmgr.cpp:352:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str, "%u", value);
data/ftgl-2.4.0/test/mmgr.cpp:376:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char str[90];
data/ftgl-2.4.0/test/mmgr.cpp:530:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(memoryLeakLogFile, "w+b");
data/ftgl-2.4.0/test/mmgr.cpp:541:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char timeString[25];
data/ftgl-2.4.0/test/mmgr.cpp:1122:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  else strcpy (au->sourceFile, "??");
data/ftgl-2.4.0/test/mmgr.cpp:1124:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  else strcpy (au->sourceFunc, "??");
data/ftgl-2.4.0/test/mmgr.cpp:1319:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  else strcpy (au->sourceFile, "??");
data/ftgl-2.4.0/test/mmgr.cpp:1321:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  else strcpy (au->sourceFunc, "??");
data/ftgl-2.4.0/test/mmgr.cpp:1674:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (overwrite) fp = fopen(filename, "w+b");
data/ftgl-2.4.0/test/mmgr.cpp:1675:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else fp = fopen(filename, "ab");
data/ftgl-2.4.0/test/mmgr.cpp:1684:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char timeString[25];
data/ftgl-2.4.0/test/mmgr.h:60:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sourceFile[40];
data/ftgl-2.4.0/test/mmgr.h:61:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sourceFunc[40];
data/ftgl-2.4.0/src/FTFont/FTBufferFont.cpp:213:20:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (int)wcslen(s);
data/ftgl-2.4.0/test/mmgr.cpp:353:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str) > 3)
data/ftgl-2.4.0/test/mmgr.cpp:355:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(&str[strlen(str)-3], &str[strlen(str)-4], 4);
data/ftgl-2.4.0/test/mmgr.cpp:355:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(&str[strlen(str)-3], &str[strlen(str)-4], 4);
data/ftgl-2.4.0/test/mmgr.cpp:356:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str[strlen(str) - 4] = ',';
data/ftgl-2.4.0/test/mmgr.cpp:358:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str) > 7)
data/ftgl-2.4.0/test/mmgr.cpp:360:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(&str[strlen(str)-7], &str[strlen(str)-8], 8);
data/ftgl-2.4.0/test/mmgr.cpp:360:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(&str[strlen(str)-7], &str[strlen(str)-8], 8);
data/ftgl-2.4.0/test/mmgr.cpp:361:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str[strlen(str) - 8] = ',';
data/ftgl-2.4.0/test/mmgr.cpp:363:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str) > 11)
data/ftgl-2.4.0/test/mmgr.cpp:365:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(&str[strlen(str)-11], &str[strlen(str)-12], 12);
data/ftgl-2.4.0/test/mmgr.cpp:365:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memmove(&str[strlen(str)-11], &str[strlen(str)-12], 12);
data/ftgl-2.4.0/test/mmgr.cpp:366:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str[strlen(str) - 12] = ',';
data/ftgl-2.4.0/test/mmgr.cpp:1121:19:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  if (sourceFile) strncpy(au->sourceFile, sourceFileStripper(sourceFile), sizeof(au->sourceFile) - 1);
data/ftgl-2.4.0/test/mmgr.cpp:1123:19:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  if (sourceFunc) strncpy(au->sourceFunc, sourceFunc, sizeof(au->sourceFunc) - 1);
data/ftgl-2.4.0/test/mmgr.cpp:1318:19:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  if (sourceFile) strncpy(au->sourceFile, sourceFileStripper(sourceFile), sizeof(au->sourceFile) - 1);
data/ftgl-2.4.0/test/mmgr.cpp:1320:19:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  if (sourceFunc) strncpy(au->sourceFunc, sourceFunc, sizeof(au->sourceFunc) - 1);

ANALYSIS SUMMARY:

Hits = 67
Lines analyzed = 29760 in approximately 1.22 seconds (24324 lines/second)
Physical Source Lines of Code (SLOC) = 18562
Hits@level = [0]  82 [1]  17 [2]  45 [3]   0 [4]   5 [5]   0
Hits@level+ = [0+] 149 [1+]  67 [2+]  50 [3+]   5 [4+]   5 [5+]   0
Hits/KSLOC@level+ = [0+] 8.02715 [1+] 3.60952 [2+] 2.69368 [3+] 0.269368 [4+] 0.269368 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.